Microservices Security Patterns & Protocols with Spring & PCF

September 26 2018 Talk @ Spring One Platform

A video of my talk at Microservices Security Patterns & Protocols with Spring & PCF on September 26 2018 at Spring One Platform Conference in Washington DC.


This introductory talk introduces the patterns and protocols used to secure microservices. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenId Connect, and others can be combined to make writing secure microservices easy. The patterns and protocols will be illustrated with a demo application build using Spring & PCF. The goal is to demonstrate how to make writing secure microservices easier.

Next Generation Session Management with Spring Session

Article I originally published at InfoQ, you can read the full version there.

Session management has been part of enterprise Java for so long that it has faded to the background of our consciousness as a solved problem, and we have not seen any major innovation in that arena in recent memory.

However the modern trend towards micro services and horizontally scalable cloud native applications challenges the assumptions upon which session managers have been designed and built for the past 20 years, and exposes flaws in the design of modern session managers.

This article will demonstrate how the recently released Spring Session APIs help surmount some of the limitations of the current approach to session management, traditionally employed by enterprise Java. We will start with a summary of the problems with current session managers, then dig into the details of how Spring Session solves each of those problems. We will wrap up the article with a detailed explanation of how Spring Session works and how you can use it in your projects.

Read the full article on InfoQ